nTimetools is a suite of console tools for working with timestamps on Windows. It comprises two tools that allow both forensic analysts and red teamers to modify and verify file timestamps with up to 100-nanosecond precision. nTimeview allows forensic analysts to view the MACB timestamps of files on a live system. It uses the undocumented NtQueryInformationFile API, so it works on NTFS, FAT, and even mapped drives, and it does not require privileged access. nTimestomp allows red teamers to timestomp the MACB timestamps of files with 100-nanosecond precision. Forensic analysts are usually taught to spot 0s in the millisecond position as evidence that timestomping has occurred.
A software utility with forensic tools for smartphones, offering powerful data extraction and decoding capabilities.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A Mac OS X computer forensics tool for analyzing system artifacts, user files, and logs with reputation verification and log aggregation capabilities.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
A library for working with Windows NT data types, providing access and manipulation functions.
A cross-platform registry hive editor for forensic analysis with advanced features like hex viewer and reporting engine.